7/9/2003 -- Last month Microsoft introduced new security specializations for its MCSA and MCSE titles. Frankly, I just can't get excited about them.

To me, MCSA: Security and MCSE: Security seem to be more about sending another signal to the IT world that Microsoft is serious about security than about offering certification paths that will benefit holders and those who will employ them.

Of course, all vendor certifications are about marketing in one way or another, but these new announcements appear to have less substance than most. After all, the exams were already there -- these new certifications only offer a new label for them. This seems to be not unlike when Microsoft announced the now-defunct MCSE+I title, which rightly died a quick death because of the meaningless adoption of the "Internet" within its name. It never reached critical mass and was soon abandoned. And let's not mention all of those MCP specializations that also no longer exist . . .

Nowadays security is such an integral component in working with an operating system that separating it out for a certification title doesn't make any practical sense. (This was the argument that Microsoft certification representatives had used in the past when asked about including a security specialization; that it was included in the core certification program). It's like offering a driving license with a specialization in the accelerator. Hiring managers will likely assume that someone with an MCSE will likely have the knowledge already required for the MCSE: Security. So, where's the beef?

If I were in the position to tweak Microsoft's certification program, there's three changes I'd would have made instead:

1) Add a compulsory hands-on lab exam to the MCSE.
See my earlier column here for more on my reasons for this.

2) Require fewer exams overall in the MCSE program.
Let's face it: The number of exams needed to earn the MCSE (seven!) is getting ridiculous, especially considering that with the current elective options, most people will take all operating systems exams instead of those in areas like Exchange and SQL Server. There simply isn't a need to take that many exams on one topic, no matter how complex the information can get. Surely five is enough! Otherwise, the certification program becomes more of a battle of attrition than a test of technical skills. Plus, there's already too many overlapping objectives within the content of the program's current exams.

3) Add electives for scripting and automation of administration tasks.
This is such a powerful area --- something I think more people should have a good working knowledge of. Certainly those who do system administration for Unix and mainframe platforms are expected to be able to work with scripts, so I don't see why the same shouldn't be true for those who work with Windows.

One thing I will say for the security specializations is that the inclusion of the CompTIA Security+ exam (as an optional elective) is an interesting development. I see it as further evidence that these single CompTIA exams covering elementary knowledge in a specific area can be more useful and valuable when part of a larger certification program (we also see this with the use of CompTIA titles in other programs, including Novell). Maybe this is the role that CompTIA will play in the industry going forward -- providing common building blocks for other certification programs.

Now if Microsoft can do something about the never-ending stream of hotfixes I have to have my team analyze, test and deploy to our supported server fleet, I will be impressed. A cynic may say that at least it keeps us employed, but it sure doesn't offer any business value having to waste so much effort here. The jury is still out on whether Windows 2003 is going to deliver on the promise of the trustworthy computing initiative, or whether we will have to wait for something else altogether.

Are you interested in completing these new certifications? If the new certifications left you flat too, what changes would you be excited about?. Let me know by posting your thoughts below.